Customer video feeds could be brought up with just an email address.
A lot of smart home products have popped up over the last few years, one of the most popular being smart security cameras and video doorbells. Amazon-owned Ring has been one of the top players in these niches for a few years, but if you’ve purchased any of the company’s products in the past, you may want to consider unplugging them and getting something else.
The Intercept published a report on Thursday, January 10, and in the report, it’s said that Ring employees at the company’s Ukraine research center have been able to view video footage from customers’ cameras and doorbells with nothing more than an email address.
This all started back in 2016, with the report reading as follows:
Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click.
All of the videos were reportedly left unencrypted, which Ring’s execs justified because “encryption would make the company less valuable.” Furthermore, Ring employees were given data that connected video files with specific customers.
The report continues:
Only a Ring customer’s email address was required to watch cameras from that person’s home. Although the source said they never personally witnessed any egregious abuses, they told The Intercept “I can say for an absolute fact if I knew a reporter or competitor’s email address, I could view all their cameras.” The source also recounted instances of Ring engineers “teasing each other about who they brought home” after romantic dates. Although the engineers in question were aware that they were being surveilled by their co-workers in real time, the source questioned whether their companions were similarly informed.
So, why did Ring give its employees access to all this information in the first place?
According to The Intercept, at least part of it was a result of Ring’s facial and object recognition system not being as good as the company wanted. By giving this data to employees, the goal was to improve the software to be better at accurately determining what the cameras were seeing.
A never-before-published image from an internal Ring document pulls back the veil of the company’s lofty security ambitions: Behind all the computer sophistication was a team of people drawing boxes around strangers, day in and day out, as they struggled to grant some semblance of human judgment to an algorithm. (The Intercept redacted a face from the image.)
Ring supposedly began to be stricter about this practice with its Ukraine employees following a visit from Amazon in May 2018, but that “staffers in Ukraine worked around the controls.”
So, what should you do if you have a Ring camera?
Whether or not your own a Ring product now, does this change your thought of the company as a whole? Let us know in the comments below.